The New Growth Era of External Attack Surface Management

This interview with Camille Charaudeau, Vice President, Product Strategy at CybelAngel, was previously published in European Business Magazine.

Please provide a brief overview of CybelAngel, its origins and how it has evolved since it was founded.

In 2013, two brothers, Erwan and Stevan Keraudy, brought together a team of experts in Artificial Intelligence (AI) and cybersecurity, to design a solution that approached cybersecurity from the ‘outside-in,’ just as cyber criminals do. CybelAngel was born, and a global movement began. Almost a decade later, our team has grown to 180 people protecting leading brands worldwide.

Today, CybelAngel is an international pioneer in External Attack Surface Management (EASM), with the most extensive external asset discovery and threat detection techniques. Every 24 hours, CybelAngel scans the entire Internet to unearth shadow IT, exposed assets, connected devices and cloud services that might pose an advantageous opportunity for threat actors. Adversaries can launch phishing campaigns, initiate ransomware attacks or access confidential data if these scans are not initiated.

CybelAngel is the only EASM provider that can discover, inventory, monitor, access and remediate an organisation’s entire external digital footprint.

What are the challenges that organisations face in managing an ever-growing attack surface?

Some of the biggest challenges come from ‘Shadow IT’ (where software, devices, or applications are used without consent from the IT security team), taking the form of unsecured IoT devices, cloud storage vessels, and open databases that leave sensitive data unguarded.

As organisations continue their digital transformation journey, and expand their IT networks with a combination of on-premises and cloud infrastructure, the issue of asset exposure becomes more crucial. The cloud has opened new possibilities for organisations in scaling their operations, but this has also meant that there are more opportunities for misconfigurations and errors in security. In fact, our investigations highlighted that cloud storage is now the critical factor for data exposure. We discovered that leaks, due to external cloud storage, spiked by 150 percent in 2021 compared to the previous year.

It is evident that organisations need an approach that goes beyond their perimeter, to give them an insight into their external attack surface. Businesses need an ‘outside-in’ view to detect threats before a devastating breach.

What are the risks for businesses if they don’t address threats beyond their own perimeter?

Without visibility of these risks, organisations could unwittingly be leaving the door wide open, to the obvious advantage of cyber attackers.

The threat actors could simply locate publicly accessible cloud databases with scanning tools to get access to sensitive data. In such cases, they don’t require any login credentials, or access to admin accounts, to extort sensitive information or access critical assets.

Unfortunately, in most cases, unsecured data is left unmonitored, meaning organisations may only realise that they have been breached once it is too late. In such a scenario, an enterprise will mostly find out that they have been breached when a customer discovers its impact or when an investigation by law enforcement takes place.

In both cases, the reputation of the business is at stake. It is, therefore, vital security teams have visibility of assets located beyond their perimeter and enforce external attack surface management.

In short, you need to identify any exposed assets or data before the attackers do.

What are the common causes of data leaks that organisations should be addressing?

The common causes of data leaks generally fall into the following categories. The first is misconfigured databases; many leaks are a result of leaving the door to your database open because of misconfigurations or poor password protection. Then there are forgotten databases, which could be left unchecked by security teams, allowing criminals to steal sensitive data. This also happens when companies switch from one database to another, but forget to erase the previous iteration.

Supply chain attacks have now become a pressing issue as they exploit connections of partners and vendors. These can be even more difficult to pinpoint, as security teams may have little visibility over a third party’s security, yet any lapses in security from these suppliers could provide an easy entry point for cyber attackers.

How is the market offering for CybelAngel evolving to meet these needs?

As organisations’ external digital landscapes have seen explosive expansion, now surpassing their internal digital footprint, we’re constantly looking at how we can provide customers with the best solutions. They need complete visibility on external risks ensuring security teams can respond as quickly as possible. Our aim is to provide them with the right level of visibility and control over their attack surface.

To meet these needs, we recently launched Xtended External Attack Surface Management (EASMX) – which reduces the risk of external attack by discovering exposed assets and threats wherever they reside, from the cloud to supply chain and third-party exposures to dark web mentions.

It’s a comprehensive solution designed to discover unknown exposures and vulnerabilities and enable teams to remediate threats rapidly with contextualised information.

What are the routes to market, and which are the fastest-growing channels in Europe?

CybelAngel primarily addresses the security concerns of large enterprises, but has recently developed solutions and offers to address mid-market organisations. 

We are on a path to becoming a channel-first organisation, building our partner network throughout Europe and the Middle east. 

CybelAngel is also working closely with managed security service providers and large systems integrators to provide additional value through service and seamless integration within the tool stack and operations of our customers.

Lastly, we are experiencing growth in a few key industries that are in greater need of external threat protection,including: healthcare, manufacturing, financial services, telecom operators and retail.

How has the European business grown over the last 6 months, where are the key areas of investment for the company?

CybelAngel is continually adding new customers across the board.  

The latest addition to our external attack surface management suite, Asset Discovery and Monitoring, is now proving extremely useful to our historical customers, suffering a lack of visibility and control over exposed assets that can put them at risk. 

We are seeing strong traction in this space. We’re therefore making sure a large portion of our current and future resource and development investments are targeted towards solving the Shadow IT issues our customers face. 

We strive at providing end-to-end solutions to our customers, who have expressed the need for one platform to identify, assess, prioritise and remediate external threats. We’re making sure we’re their one-stop shop for everything external.